Setting Access-Control-Allow-Origin in ASP.Net MVC

I have a simple actionmethod, that returns some json. It runs on ajax.example.com. I need to access this from another site someothersite.com.

If I try to call it, I get the expected...:

Origin http://someothersite.com is not allowed by Access-Control-Allow-Origin.

I know of two ways to get around this: JSONP and creating a custom HttpHandler to set the header.

Is there no simpler way?

Is it not possible for a simple action to either define a list of allowed origins - or simple allow everyone? Maybe an action filter?

Optimal would be...:

return json(mydata, JsonBehaviour.IDontCareWhoAccessesMe);

How do I enable CORS in C#?

First, we need to enable CORS in WebAPI, then we call the service from other application AJAX request. In order to enable CORS, we need to install the JSONP package from NuGet (see Figure3). After adding Jsonp package, we need to add the following code-snippet in App_Start\WebApiConfig. cs file.

How do you fix CORS missing Allow origin?

If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.

For plain ASP.NET MVC Controllers

Create a new attribute

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute {     public override void OnActionExecuting(ActionExecutingContext filterContext)     {         filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");         base.OnActionExecuting(filterContext);     } }

Tag your action:

[AllowCrossSiteJson] public ActionResult YourMethod() {     return Json("Works better?"); }

For ASP.NET Web API

using System; using System.Web.Http.Filters;  public class AllowCrossSiteJsonAttribute : ActionFilterAttribute {     public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)     {         if (actionExecutedContext.Response != null)             actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");          base.OnActionExecuted(actionExecutedContext);     } }

Tag a whole API controller:

[AllowCrossSiteJson] public class ValuesController : ApiController {

Or individual API calls:

[AllowCrossSiteJson] public IEnumerable<PartViewModel> Get() {     ... }

For Internet Explorer <= v9

IE <= 9 doesn't support CORS. I've written a javascript that will automatically route those requests through a proxy. It's all 100% transparent (you just have to include my proxy and the script).

Download it using nuget corsproxy and follow the included instructions.

Blog post | Source code

Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method

Tags:

json

cors

asp.net-mvc-3

asp.net-ajax

Kjensen

People also ask

1 Answers

For plain ASP.NET MVC Controllers

Create a new attribute

Tag your action:

For ASP.NET Web API

Tag a whole API controller:

Or individual API calls:

For Internet Explorer <= v9

jgauffin

Recent Activity

Donate For Us

Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method

Tags:

json

cors

asp.net-mvc-3

asp.net-ajax

Kjensen

People also ask

1 Answers

For plain ASP.NET MVC Controllers

Create a new attribute

Tag your action:

For ASP.NET Web API

Tag a whole API controller:

Or individual API calls:

For Internet Explorer <= v9

jgauffin

Related questions

Recent Activity

Donate For Us